Mathematical Problems in Engineering
Volume 2013 (2013), Article ID 165029, 11 pages
http://dx.doi.org/10.1155/2013/165029
Research Article

A Quantitative Assessment Approach to COTS Component Security

1School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang 212013, China
2School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
3School of Software and Communication Engineering, Jiangxi University of Finance and Economics, Nanchang 330013, China

Received 28 August 2012; Revised 26 December 2012; Accepted 31 December 2012

Academic Editor: Huaguang Zhang

Copyright © 2013 Jinfu Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. J. Chen, Y. Lu, and X. D. Xie, “Component security testing approach by using interface fault injection,” Journal of Chinese Computer Systems, vol. 31, no. 6, pp. 1090–1096, 2010.
  2. S. Gudder and R. Greechie, “Uniqueness and order in sequential effect algebras,” International Journal of Theoretical Physics, vol. 44, no. 7, pp. 755–770, 2005.
  3. I. O. Mkpong-Ruffin, Quantitative risk assessment model for software security in the design phase of software development, [Ph.D. thesis], Auburn University, Auburn, Ala, USA, 2009.
  4. J. Han and Y. Zheng, “Security characterization and integrity assurance for component-based software,” in Proceedings of the International Conference on Software Methods and Tools (SMT '00), pp. 61–66, IEEE Computer Society, Wollongong, Australia, 2000.
  5. F. Jabeen and M. Jaffar-Ur Rehman, “A framework for object oriented component testing,” in Proceedings of the IEEE International Conference on Emerging Technologies, (ICET '05), pp. 451–460, Islamabad, Pakistan, September 2005.
  6. K. Md. Khan, J. Han, and Y. Zheng, “Characterizing user data protection of software components,” in Proceedings of the Software Engineering Conference, pp. 3–11, Canberra, Australia, 2000.
  7. K. M. Khan and J. Han, “A security characterisation framework for trustworthy component based software systems,” in Proceedings of the 27th Annual International Computer Software and Applications Conference (COMPSAC '03), pp. 164–169, November 2003.
  8. K. M. Khan and J. Han, “Assessing security properties of software components: a software engineer's perspective,” in Proceedings of the Australian Software Engineering Conference (ASWEC '06), pp. 199–208, Sydney, Australia, April 2006.
  9. K. Khan, J. Han, and Y. Zheng, “A framework for an active interface to characterise compositional security contracts of software components,” in Proceedings of the Australian Software Engineering Conference (ASWEC '01), pp. 117–126, 2001.
  10. “Common criteria project/ISO. Common criteria for information technology security evaluation,” version 2.1 (ISO/IEC International Standard 15408). NIST, USA and ISO, Switzerland, 1999, http://csrc.nist.gov/cc/.
  11. O. H. Alhazmi and Y. K. Malaiya, “Quantitative vulnerability assessment of systems software,” in Proceedings of the Annual Reliability and Maintainability Symposium (RAMS '05), pp. 615–620, January 2005.
  12. Y.-K. Zhang, S.-Y. Jiang, Y.-A. Cui, B. W. Zhang, and H. Xia, “A qualitative and quantitative risk assessment method in software security,” in Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering, (ICACTE '10), pp. V1534–V1539, Chengdu, China, August 2010.
  13. X. Tang and B. Shen, “Extending model driven architecture with software security assessment,” in Proceedings of the 3rd IEEE International Conference on Secure Software Integration Reliability Improvement, (SSIRI '09), pp. 436–441, Shanghai, China, July 2009.
  14. X. Wang, H. Shi, T. Y. W. Huang, and F. C. Lin, “Integrated software vulnerability and security functionality assessment,” in Proceedings of the 18th IEEE International Symposium on Software Reliability Engineering (ISSRE '07), pp. 103–108, Trollhattan, Sweden, November 2007.
  15. K. Goševa-Popstojanova and K. S. Trivedi, “Architecture-based approach to reliability assessment of software systems,” Performance Evaluation, vol. 45, no. 2-3, pp. 179–204, 2001.
  16. “NVD Common Vulnerability Scoring System (CVSS),” http://nvd.nist.gov/cvss.cfm.
  17. Y. Jiang, G. M. Xin, J.-H. Shan, L. Zhang, B. Xie, and F.-Q. Yang, “Method of automated test data generation for web service,” Chinese Journal of Computers, vol. 28, no. 4, pp. 568–577, 2005.
  18. M. E. Delamaro, J. C. Maldonado, and A. P. Mathur, “Interface mutation: an approach for integration testing,” IEEE Transactions on Software Engineering, vol. 27, no. 3, pp. 228–247, 2001.
  19. J. M. Voas and K. W. Miller, “Predicting software's minimum-time-to-hazard and mean-time-to-hazard for rare input events,” in Proceedings of the 6th International Symposium on Software Reliability Engineering, pp. 229–238, October 1995.
  20. J. Chen, Y. Lu, and X. Xie, “A fault injection model of component security testing,” Computer Research and Development, vol. 46, no. 7, pp. 1127–1135, 2009.
  21. J. Chen, Y. Lu, W. Zhang, and X. D. Xie, “A fault injection model-oriented testing strategy for component security,” Journal of Central South University of Technology, vol. 16, no. 2, pp. 258–264, 2009.
  22. J. Chen, Y. Lu, X. Xie, et al., “Design and implementation of an automatic testing platform for component security,” Computer Science, vol. 35, no. 12, pp. 229–233, 2008.